Ridvay Code OS Command Injection Vulnerability Leading to Remote Code Execution

Vulnerability

A critical OS command injection vulnerability has been identified in Ridvay Code's command auto-approval module, affecting versions through 0.1.1. This vulnerability undermines the module's whitelist security mechanism by allowing attackers to exploit fragile regular expressions used for command validation. The issue arises from the module's failure to properly handle standard Shell command substitution, specifically with dollar sign parentheses and backticks. As a result, an attacker can inject malicious commands that are misidentified as safe, leading to remote code execution without any user interaction.

Impact

Exploitation of this vulnerability allows for remote code execution on the affected system.

Added: Mar 31, 2026, 3:35 PM

Updated: Mar 31, 2026, 3:35 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

7.4

remediation

0.0

relevance

5.0

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

7.4

remediation

0.0

relevance

5.0

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Ridvay Code OS Command Injection Vulnerability Leading to Remote Code Execution

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating